Philosophically Secure: Eugene Kogan's blog on information security and software engineering

5 Oct 2009

Clever malware

A clever piece of bank account-targeting malware was recently discovered. It does the usual job of transferring money out of the victim's account, but it also has a clever trick to delay the victim from noticing the missing money: when he checks his bank statement online, the malware-initiated fund transfers are dynamically removed from the page. Of course, this assumes that the victim is checking his account from the previously infected computer, but it's still an interesting trick to buy the criminal some more time.

The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan.

“The Trojan is hooked into your browser and dynamically modifies the text in the html,” Ben-Itzhak says. “It’s a very sophisticated technique.”

via Threat Level

Filed under: hacking, malware
12 Aug 2009

Sandia to boot behemoth botnet

I'm looking forward to finding out the results of this research!

[Sandia's] Thunderbird supercomputer will periodically run a million virtual machines all at once, all with botnet client software. By setting this large network of systems into operation, the researchers, Ron Minnich and Don Rudish, hope to better understand how botnets operate.

It's a cool idea, and could probably keep me busy forever. The only issue I have with this project is that the time and money would be better spent on trying to improve the fundamental security issues of our computing model, rather than just learning about a symptom (in this case, botnets). Still, it sounds like fun, and will hopefully produce some actionable knowledge in a year or two.

via Sandia to boot behemoth botnet -- Government Computer News.

Filed under: malware, security
20 Apr 2009

First Mac OS X botnet activated

Macworld reported in January that illegal copies of iWork '09 and Photoshop CS4, distributed via peer-to-peer networks, were infected with a trojan called iServices. It now appears that the botnet created from this trojan has been activated, marking the first time a Mac OS X botnet has appeared.

A sign of things to come? Maybe. But still no reason to panic.

via Macworld UK.

Filed under: apple, malware
28 Mar 2009

The end of the world and Conficker.C

There is way too much hype about Conficker.C and what it may or may not do on April 1. I'm not sure who is feeding the media, which is fueling the hype, but it's very counterproductive. There are worse threats out there than this one botnet, and focusing all of our attention on Conficker is letting the others go unchecked.

Rather than rehash what's already known about Conficker.C, I'll just point readers to an excellent Q&A post from F-Secure. Question number one:

Q: I heard something really bad is going to happen on the Internet on April 1st! Will it?
A: No, not really.

If that's not enough information for you, read the rest of their post, and stop freaking out.

Update: I just read an interesting post on this topic from Verizon Business Security (Risk, Group Think and the Conficker Worm), which I saw thanks to TaoSecurity.

Filed under: malware, security